Locking The Wireless Network

As the popularity of wireless networks in homes and small businesses continues to soar, so do the chances that outsiders will hack unsecured networks and use them for malicious purposes.

Very few home and business owners realize the importance of securing their networks and the risks they incur by not doing so. It is often up to solution providers to solve the problem. Fortunately, several methods and products are available to help mend the holes.

Michael Young, principal at Connected Homes, a San Jose, Calif.-based home integrator, says the starting point is often helping customers realize the implications of not securing their wireless networks.

"You try not to scare people too much, but they need to realize [the impact]," Young says. For example, Young notes that a home's unsecured wireless network could be used by a neighbor for downloading copyrighted material. It is often difficult to determine who on a network downloaded particular files, so the network owner could be sued by the Recording Industry Association of America or other organizations.

Kevin Bankston, an attorney with the San Francisco-based Electronic Frontier Foundation, says there haven't yet been cases of homeowners in the United States prosecuted for the activities of other users who access their WLANs to conduct criminal activity. "However, it could lead to that house being the first step in the investigation," Bankston notes.In March, an Illinois man was arrested after police noticed him sitting with a laptop in a car outside a nonprofit agency's building. The man was accessing the Internet through the organization's wireless network, and was charged with remotely accessing another computer system without the owner's approval and fined $250.

Small businesses with unsecured WLANs may also be leaving open doors that can lead into the corporate network, says Greg Starr, principal at See-Comm, a New Boston, Texas, integrator. "If someone gets through the WLAN connection, they could potentially get to the company's servers. These companies are leaving themselves wide open to a number of different types of attacks by not enabling security on their wireless networks," Starr says.

Even home users are at risk if they access their employers' secured systems via unsecured wireless networks. Attackers can use the network to gain access to the corporate systems.

One problem is that people generally don't keep up with changing passwords and settings on their home and SOHO WLANs, says Robert Cox, principal at Cox Network and PC Services, a Bel Air, Md.-based integrator. Integrators can easily boost customers' WLAN security by disabling SSID and setting up encryption keys to be changed on a regular basis, Cox says. VPNs also are helpful for creating secure remote connections.

Cox notes that the wireless signals in products from some vendors, such as Buffalo Technology, Hawking Technologies and SMC, can be modified so they don't go beyond the building's walls. While customers sometimes don't want the extra expense for such access points, the investment is usually worthwhile.Aaron Fuhrman, an engineer at Home Technologies, a Bellevue, Wash., integrator, says his company frequently limits the broadcast range of WLANs through power and antenna adjustments. "You can use a directional antenna so it only covers a building instead of radiating the signal in a 360[-degree] pattern," he explains.

Another option is to configure the Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) security most vendors build into their products but most users ignore, Fuhrman says. "WPA is the more secure of the two and is not susceptible to brute force hacks," he says. When installing older products that use WEP,

Fuhrman adds an extra layer of protection by using MAC address filtering, which prevents unauthorized users from accessing the WLAN even if they have the encryption key.

When it comes to encryption, a measured approach works best, says David Ducharme, CEO of Total Home Technologies, Salem, Mass. "Usually the more encryption you have, the less the range of the products, so it's kind of a balancing act in some ways."

Vendors are beginning to address the issue of unsecured WLANs with products designed specifically for homes and SOHOs. Kaspersky Lab's recently-released Internet Security 6.0 includes software that scans home and SOHO wireless and wired networks, blocks access or limits the activities that can be done within the network and includes an antihacker feature, says Charles Waelde, senior technical engineer at the Moscow-based company.

"To protect the workstation, you also have the ability to put the PC into stealth mode. This will completely isolate the PC on the network from other machines and no one will be able to see you on the network," Waelde says. If attackers use brute force, ping of death or denial-of-service attacks, the product can deny access from the IP address until the user allows access or blocks it permanently.WiTopia, Reston, Va., just launched its SecureMyWiFi service, which starts at $9.99 per year for home users and $99 per year for businesses. The software is downloaded to the customer's network and uses an external server to provide authentication, encryption and other services. The company provides integrators with a 40 percent margin on the price of the first year of service, and also offers the software preinstalled on other vendors' access points.

Mount Laurel, N.J.-based TrustEli last year launched its Eli Managed Service appliance for homes and small businesses, and recently signed a distribution agreement with D&H Distributing. Eli includes a firewall, content filtering, wireless gateway, VPN support and protection against viruses, spam, spyware and phishing attacks. The cost is $199.99 with a $9.99 monthly service fee.

Another important aspect of securing wireless networks is documenting every step of the process and recording changes to equipment settings, says Gordon van Zuiden, principal at CyberManor, a Los Gatos, Calif.-based integrator. For an integrator with numerous customers, each with their own security settings and equipment specifics, keeping track of the details can be challenging.

"If you are going to start adding or changing things in the wireless network, you need to keep a database with all of the information logged," he says. "If this information isn't available, it will end up as an expensive wasted service call."

Van Zuiden uses QuickBase, an online database from Mountain View, Calif.-based Intuit, for all of his service requests. QuickBase is useful because integrators can specify information such as client names, technical parameters of the home, IP addresses, logins and passwords. "The best part about QuickBase is that our engineers can access it online and get the configuration information at the customer's location," he says.Integrators can rant and rave about the many problems with unsecured networks and the reasons to protect them, but demonstrations of the problem often are the most effective ways to convince hesitant customers. Young uses NetStumbler, Windows-based software that can detect open WLANs, to show clients all the open access points in their neighborhoods.

"I'll arrive early, fire up my laptop in their driveway and tell them the name of their access points before I even walk in the door," Young says. "Something that dramatic tends to make them realize that their WLAN signals don't stop at the walls of their home."

For more news, reviews and commentary on the digital home and small-business markets, sign up for CRN's Digital Connect e-mail newsletter.0